Skip to content
SecRoles

Information Security Manager

Nox Health Group, Inc.Alpharetta, GA, USJune 3, 2026
On-site
Full-time
Leadership
Management

About Us

Simply put, we believe in the power of sleep.

As sleep health champions, we want more and more people to wake up to a brighter day every day. And, we are making daily progress, as we help more organizations see sleep as transformational and a foundational pillar of health. We strive to give more access to the technology and care they need to lead fuller lives.

Our depth of knowledge in the science of sleep gives us a unique perspective on sleep as a critical intervention strategy in chronic disease. We help people see the right problem and the right way forward, elevating not just our solutions but also advancing the field of sleep medicine.

Our vision is to work with our partners — employers, health systems, health plans, government agencies, provider groups and others committed to transforming care — to expand sleep health care to where it is needed, so it can take its rightful place in the healthcare ecosystem.

About the role

The Information Security Manager is responsible for leading the organization’s cybersecurity program to protect systems, networks, data, and business operations from evolving threats. This role oversees security strategy execution, manages security operations, ensures regulatory compliance, and drives risk reduction initiatives across the enterprise. This role oversees security operations program and ensures the effective execution and continuous improvement of core cybersecurity functions

The ideal candidate is a hands-on technical leader who can translate security strategy into operational execution, mature security processes, and drive measurable risk reduction across the enterprise. This individual will lead security operations, support compliance initiatives (HIPAA, HITRUST, SOC 2, ISO 27001, and FedRAMP), manage risk, and partner cross-functionally to embed security into product development and cloud infrastructure.

What you'll do

Security Program Leadership

  • Lead day-to-day security operations and manage security team members, providing mentorship, performance management, and professional development.
  • Help develop, implement, and maintain information security strategy and roadmap aligned with business objectives and customer commitments.
  • Establish and track security KPIs and metrics; provide regular reporting to leadership.
  • Promote a strong security culture across the organization.
  • Serve as a trusted advisor to product, engineering, compliance, and customer success teams.

Security Operations

  • Oversee monitoring, detection, and response to security events and incidents.
  • Ensure proper management of security tools including SIEM, EDR, vulnerability management, DLP, IAM, and CSPM solutions.
  • Ensure secure configuration and hardening of devices, cloud infrastructure, and SaaS platforms.
  • Oversee Managed Detection and Response service.
  • Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines.
  • Support secure architecture reviews for new products and features.
  • Drive continuous improvement of operational security processes.

Risk Management & Compliance

  • Monitor emerging threats and adjust defensive strategies accordingly.
  • Align risk management activities with regulatory and compliance requirements.
  • Conduct and oversee risk assessments across systems, applications, and vendors.
  • Maintain and track the enterprise risk register and remediation plans.
  • Ensure compliance with relevant regulatory and industry standards.
  • Maintain policies, standards, and procedures aligned with NIST CSF, ISO 27001, HITRUST, and FedRAMP frameworks.
  • Support internal and external audits to achieve certifications.

Incident Response & Threat Management

  • Lead the incident response program, including preparation, detection, analysis, containment, eradication, and recovery.
  • Support the development, maintenance, and testing of Incident Response Plan.
  • Oversee triage and investigation of security events and alerts.
  • Coordinate cross-functional teams during security incidents and internal incident exercises.
  • Act as escalation point and incident commander for major security incidents.
  • Conduct post-incident reviews and drive root cause analysis and corrective actions.
  • Maintain and test incident response playbooks, including breach notification procedures.
  • Monitor emerging healthcare and SaaS-specific threats.

Vulnerability Management

  • Oversee vulnerability scanning, remediation tracking, and reporting across infrastructure and applications.
  • Prioritize remediation efforts based on business impact and risk.
  • Coordinate penetration testing and track remediation to closure.

Business Continuity & Resilience

  • Support the development, maintenance, and testing of Business Continuity and Disaster Recovery plans.
  • Ensure disaster recovery testing is conducted regularly and documented.
  • Ensure security considerations are embedded in resilience planning.
  • Ensure backup, recovery, and resilience capabilities meet defined RTO/RPO objectives.
  • Lead tabletop exercises and crisis management activities.

Collaboration & Advisory

  • Partner with IT, devops, development, engineering, legal, compliance, and business teams to embed security into projects and operations.
  • Provide security guidance for new technologies, cloud deployments, and third-party integrations.
  • Evaluate and recommend security technologies and solutions.

Qualifications

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or related field (or equivalent experience).

  • 7+ years of progressive experience in cybersecurity.

  • 3+ years of experience leading or managing security operations teams.

  • Professional certifications such as CISSP, CISM, CRISC, GIAC, or equivalent (preferred).

  • Hands-on experience with security operations tools such as SIEM, endpoint security, DLP, vulnerability scanning or continuous exposure management, and identity management systems.

  • Working experience with managing incident response activities

  • Experience in conducting risk assessments.

  • Strong understanding of security frameworks (NIST CSF, ISO 27001, CIS Controls).

  • Experience with cloud security (AWS, Azure, GCP).

  • Experience working in regulated environments (e.g., healthcare, financial services, SaaS, etc.).

  • Strong communication and stakeholder management skills.

  • Experience leading cross-functional security initiatives.

  • Experience leading audit and compliance initiatives (leading HITRUST and FedRAMP certifications is preferred).

  • Familiarity with DevSecOps practices.

  • Experience with GRC platforms.

  • Strong understanding of PHI protection and data privacy

Job Details

Experience

Management

Tools & Tech

AWS
Azure
GCP

Preferred Certs

CISM
CISSP
CRISC
Apply